Agent
The Agent App executes interactions with external Ethereum addresses, including smart contracts. Along with the Vault contract, the Agent can also hold its own Treasury, which a Finance App can manage. Multiple Agents can be helpful for various reasons, such as maintaining numerous treasuries or scoping permissions to external smart contracts related to your DAO or protocol (by making the Agent an owner or admin).
Installing the Appβ
There are no parameters needed to install a new agent to your DAO. However, the Agent relies on a tight set of permissions to do anything useful. Review the "Granting permissions" section before proceeding. You can use this syntax to install the Agent:
install agent:new
Common Usage Exampleβ
When installing an Agent, we recommend grating the Voting app with the TRANSFER_ROLE
, EXECUTE_ROLE
, and RUN_SCRIPT_ROLE
so exec agent
and act agent
commands can be used.
load aragonos as ar
ar:connect <organizationAddress> token-manager voting (
install agent:new
grant voting agent:new TRANSFER_ROLE voting
grant voting agent:new EXECUTE_ROLE voting
grant voting agent:new RUN_SCRIPT_ROLE voting
)
An Agent is a Vault on steroids, so after filling the Agent with some tokens, we can create a vote like this to transfer 1 ANT to my address:
load aragonos as ar
ar:connect <organizationAddress> token-manager voting (
exec agent transfer @token(ANT) @me 1e18
)
Installing Different App Versions
install <appName> [parameters...] --version <versionNumber>
For example:
install voting:new @token(HNY) 90e16 20e16 3d --version 1.0.0
It would install a new Voting app, using version 1.0.0, with HNY as the voting token, 90% support required, 20% quorum, and three days vote duration.
Granting Permissionsβ
warning
This command can potentially burn a permission manager if it is set to the wrong address, making the permission unable to be changed in the future. This is because we usually want to set the main Voting app as the permission manager of all permissions.
The Agent is made to carry out the requests from other apps or DAO members. So please, take some time to consider what entities need access to your Agent.
To grant permissions, you will use the following syntax:
grant <entity> <app> <roleName> [defaultPermissionManager]
In practice, this would look like this:
grant voting agent EXECUTE_ROLE voting
It would allow the Voting app to interact with external contracts or addresses using the Agent app.
Here is an exhaustive list of roles for the Agent app:
EXECUTE_ROLE
- Allows an entity to execute an external transaction through the Agent.
SAFE_EXECUTE_ROLE
- Allows the given entity to perform the
safeExecute
function through the Agent.
- Allows the given entity to perform the
TRANSFER_ROLE
- Allows an entity to transfer tokens from the Agent's balance.
ADD_PROTECTED_TOKEN_ROLE
- Allows this entity to add tokens to a list of tokens that cannot be spent or transferred while the Agent executes an action using
safeExecute
.
- Allows this entity to add tokens to a list of tokens that cannot be spent or transferred while the Agent executes an action using
REMOVE_PROTECTED_TOKEN_ROLE
- Allows this entity to remove tokens from a list of tokens that cannot be spent or transferred while the Agent executes an action using
safeExecute
.
- Allows this entity to remove tokens from a list of tokens that cannot be spent or transferred while the Agent executes an action using
ADD_PRESIGNED_HASH_ROLE
- Allows this entity to add a presigned hash to the Agent. Learn more.
DESIGNATE_SIGNER_ROLE
- Designates this entity as a signer for the Agent. Learn more.
RUN_SCRIPT_ROLE
- Allows this entity to run an EVM script on the Agent.
Types of Entities
An entity is an Ethereum Address. It can be specified using the Ethereum Address directly, using the entity identifier, or using an address that represents any entity.
- Specified Eth Address is expressed as the ETH address starting with
0x
. Only this address will be the specified entity. - Identifier is the name of the internal Aragon App installed on your DAO, such as
voting
,token-manager
(representing any token holder), oragent
. - Anyone is expressed as
ANY_ENTITY
and can be any user visiting your DAO with a web wallet.
Grant via an Oracle
true
then is the permission request approved. Here's the syntax of how to implement this:grant <entity> <app> <roleName> [defaultPermissionManager] --oracle <oracleAppName>
An excellent example of that is the 1hive token oracle Aragon app, which is an ACL oracle that returns true when the address that acts has a specific token. So take a look at this example:
grant ANY_ENTITY voting CREATE_VOTES_ROLE voting --oracle token-oracle.open
This action would grant any entity permission to create votes if they have a specific token. The token and minimum amount of tokens needed to hold would be specified when the app is installed on the DAO.
Revoking Permissionsβ
To remove permission from an entity, follow this syntax:
revoke <entity> <app> <roleName> [removePermissionManager=false]
In practice, this could look like this:
revoke voting agent TRANSFER_ROLE
It would remove the ability for the Voting app to transfer funds held by the Agent while keeping the Permission Manager in place should this permission need to be modified in the future.
Internal Actionsβ
Using the exec
command, we can create internal actions.
We'll use the transfer
function to show the syntax of the exec
command. The base syntax looks like this:
exec agent[:<id>] transfer <token> <to> <amount>
For example:
load aragonos as ar
ar:connect exampleDAO token-manager voting (
exec agent transfer @token(ANT) agent:1 100e18
)
It would create a vote to transfer 100 ANT tokens from the first Agent to the second Agent, given a second Agent is installed.
Below is an exhaustive list of all possible internal actions you can perform with the Agent app. In addition, we will identify the function in the contract and outline any parameters and permissions you need and the expected syntax to run them.
safeExecute
Parametersβ
target
- The address of the external contract you want to interact with. (address)data
- Calldata for the action. (bytes)
Permissionsβ
The entity executing the action via the Agent will need the SAFE_EXECUTE_ROLE
role.
Syntaxβ
exec agent safeExecute <target> <data>
addProtectedToken
It will add a specified token address to a list of tokens that cannot be spent or transferred while executed by the Agent using safeExecute
.
Parametersβ
token
- The token address of the token you want to protect.
Permissionsβ
The entity executing the action via the Agent will need the ADD_PROTECTED_TOKEN_ROLE
role. (address)
Syntaxβ
exec agent addProtectedtoken <token>
removeProtectedToken
It will remove a specified token address from a list of tokens that cannot be spent or transferred while executed by the Agent using safeExecute
.
Parametersβ
token
- The token address of the token you want to remove from the protected tokens list. (address)
Permissionsβ
The entity executing the action via the Agent will need the REMOVE_PROTECTED_TOKEN_ROLE
role.
Syntaxβ
exec agent removeProtectedtoken <token>
presignHash
setDesignatedSigner
Sets an address as the designated signer of the app, which then can sign messages on behalf of the app.
Parametersβ
address
- The address of the entity you want to designate as the signer. (address)
Permissionsβ
The entity executing the action via the Agent will need the DESIGNATE_SIGNER_ROLE
role.
Syntaxβ
exec agent setDesignatedSigner <address>
transfer
Transfers tokens from the Agent to a specified address.
Parametersβ
token
- The token contract address of the token you wish to transfer. (address)to
- The address to send tokens to. (address)value
- The number of tokens you wish to send, considering the decimal precision. (uint256)
Permissionsβ
The entity executing the action via the Agent will need the TRANSFER_ROLE
role.
Syntaxβ
exec agent transfer <token> <to> <value>
External Actionsβ
The Agent uses the act
command to interact with external entities such as smart contracts. The entity wishing to execute an external action will need the role RUN_SCRIPT_ROLE
.
The syntax is as follows:
act <agent> <targetAddress> <function> [inputParameters]
The functions for a given verified smart contract can be found on the write
or write proxy
page in the network's block explorer. For example, here is the contract for the DAI Stablecoin. We can use the basic task of sending DAI to another address to showcase the syntax for act
:
load aragonos as ar
ar:connect exampleDAO token-manager voting (
act agent @token(DAI) transfer(address,uint256) @me 100e18
)
As you can see, we use the helpers @token and @me to retrieve the required addresses.
A complete example could be to approve and deposit 1,000 DAI from the Agent to the Aave Lending Pool V2: (0x7d2768de32b0b80b7a3454c06bdac94a69ddc7a9
).
load aragonos as ar
set $aaveLendingPool 0x7d2768de32b0b80b7a3454c06bdac94a69ddc7a9
ar:connect exampleDAO token-manager voting (
act agent @token(DAI) approve(address,unint256) $aaveLendingPool 1000e18
act agent $aaveLendingPool deposit(address,uint256,address,uint16) @token(DAI) 1000e18 agent 0
)
For an exhaustive list of functions that Agent can perform, check out the contract's code on Github.